I wish the filters were a little bit more prepopulated. It would have been easy to hit a drop-down and select a filter. If I only wanted to look at DCP, UDP, or IP, it would be easy to filter it out. Advanced network knowledge is required to get a lot out of the tool. However, it's very easy to install and deploy. It would be nice if there were some handheld Android devices with a Wireshark-specialized application that would allow us to mirror a Cisco port. Then, we can just plug into the port and click the green start button, and it will start ingesting the packet capture. Then, we won’t be using a laptop. The only downside is that we must have a laptop and connect a network cable. Some new laptops don't have network ports, so we have to get another adapter. Having an all-in-one device, like NetAlly or Fluke, and some of their network devices would be cool.
The product has been using the same GUI for many years. The product must make its GUI more interactive and user-friendly. Any IT person working on the product would understand the information displayed on the product, but the GUI is not that familiar.
Teaching Assistant at University of Colorado Boulder
Real User
Top 20
2023-05-19T18:39:48Z
May 19, 2023
With Wireshark, you cannot download and utilize the packet in automation. Automation is right now expanding its own stuff. People are using some headless servers that do not need a GUI. So Wireshark will only be available if there is a GUI so you can see that packet clearly. So there is no transferring form of Wireshark right now available. You need to have some GUI on the server so you can check that via the check packet.
Previously, I have used Wireshark in some of the financial companies I have been involved with. For example, when I was employed at a bank, we used Wireshark. However, I have noticed that Wireshark is restricted when any sort of encryption is involved, such as XSL encryption or DLX. This means that Wireshark cannot be used to its full potential. Therefore, I think that Wireshark or the vendors should consider including features to penetrate firewalls and get the data, such as including any hash types. I would like the ability to sniff user credentials, such as passwords, rather than clear text. Wireshark should be able to sniff basic encryption, such as 128 and 64-bit encryption, as other solutions do.
Student at a university with 1,001-5,000 employees
Real User
Top 20
2022-12-14T16:06:11Z
Dec 14, 2022
Whenever we select one of the packets, in terms of the number of bytes, for example, there are three planes, and in the detailed plane, I have to count the number of bytes manually. Also, sometimes when I'm trying to select the number of bytes, the selection does not go properly. If we were to go on selecting it, the number of bytes also showed up as to how many bytes have been selected in the detailed plane.
Wireshark is similar to an OS defense tool, meaning that it runs on an OS such as Ubuntu and Fedora, but I'm unsure if it's compatible with Windows or if it's a straightforward process to run it on Windows. Right now, my team needs to run Wireshark from a dongle to use it, so it's an OS-dependable tool, and that's an area for improvement. I was unable to use Wireshark on Windows, and I couldn't capture it, as I'm unsure how to configure the wireless card into monitoring mode on Windows. The process was straightforward on Linux, but it wasn't the case on Windows OS. It seems Wireshark isn't compatible with all OS. For example, you can analyze the log, and you can analyze it on the Windows server, but you can't do a capture in Windows. Configuring Wireshark for Windows isn't as easy as configuring it for Linux. What I'd like to see in the next release of Wireshark is the capability to capture packets from the ethernet.
We would like the product to be developed so that it doesn't rely on internet access for installation. We would like to see all of the components required to be integrated into the installer.
I would like better control of bandwidth from the service provider. Some network failures are due to bandwidth so I would like to be able to increase capacity at any time and ensure it holds at that level.
Senior Lead Engineer at a wireless company with 10,001+ employees
Real User
2022-07-07T06:41:00Z
Jul 7, 2022
In my previous company, we had Omnipeek, and the UI was better than Wireshark. This product needs to improve the UI. Generally, you can use Omnipeek to capture packets. You can also use Wireshark to capture packets. However, they need a compatible adapter. If we use Wireshark without a compatible adapter, we really don't go to capture packets using it. We already get captures from the field and from customers, and we just use it for analysis. I would make maybe adding filters easy. There are some options that we can enable to look into the packet. For example, the default installation of Wireshark doesn't have much information. You can just get to see the packet number, the time's terms, the source address, the destination address, and some detailed information. If I want to see the RSSI, the channel number, the protocol information, or the data rate, I need to go and modify some of the configurations to add columns to display this information. I need to spend some time with it. Therefore, the Wireshark default installation could probably include some more crucial information. That would be a little helpful.
Network Security Engineer at Ares Management Corporation
Real User
2022-06-02T08:01:00Z
Jun 2, 2022
The solution has a steep learning curve. There are so many filters and features that are frequently being updated, it takes research, experience and familiarity to be able to use them. It could be a lot more user-friendly.
A room for improvement in Wireshark is its ease of use for beginners. It could be better. Another room for improvement in the tool is for it to provide more details about the traffic load. At the moment, Wireshark is adequate for me, so there isn't anything I'd like added to it in its next version.
I can't suggest anything as of now regarding Wireshark. I have never found any issues or had any difficulty using it. Be it connecting the system to the network directly and capturing the data through Wireshark, or for a specific time, it's been flawless. I have got the results every time I've needed them. You need good network connectivity to download during the setup, otherwise, it might take a while.
Competence Center Manager at a tech services company with 201-500 employees
Real User
2022-05-18T22:22:00Z
May 18, 2022
I would like to see Wireshark improve the ease of application of the command. The command is very powerful, but not easy to apply. For the next release, I would like to see the motion of the measurement of the terminal loss packet. The round-trip delay. Also, it would benefit from improving the capability to evolve in real-time.
Founder and CEO at a tech services company with 1-10 employees
Real User
2021-05-05T21:07:41Z
May 5, 2021
Its user interface was a little less friendly. They can make its user interface a little bit more friendly. It is for technical people, and most of the technical people would be able to figure it out, but it would be good to improve its user interface. They can maybe build artificial intelligence into it. Currently, it takes a lot of manpower to analyze and dissect all the data.
The only thing that I don't like is sometimes there is an update, and something that I was using is either no longer there or it has changed. However, this is common when they upgrade software, so it's normal with any software. Because this product is open-source, sometimes there are contributors who make changes and they aren't properly vetted throughout the whole community. Access to older functionality should stay as a user preference so that they can still use it the old way if they want to.
NextGen TV (ATSC 3.0) Systems Engineer at PeerSpot
Real User
Top 20
2020-03-16T22:00:00Z
Mar 16, 2020
The system could be improved upon by adding a better and more powerful data processing engine. The original was based on the Raspberry Pi. The RPi unit acted as a sensor on the network relaying information back to a centralized computer which was able to correlate and provide analysis as to the packets and their reaction to traffic loads. Much improvement could have been done but we were not that lucky. The more we designed items the more we began to realize that we were getting too far from our central goal of trying to make the network better.
I wish the filters were a little bit more prepopulated. It would have been easy to hit a drop-down and select a filter. If I only wanted to look at DCP, UDP, or IP, it would be easy to filter it out. Advanced network knowledge is required to get a lot out of the tool. However, it's very easy to install and deploy. It would be nice if there were some handheld Android devices with a Wireshark-specialized application that would allow us to mirror a Cisco port. Then, we can just plug into the port and click the green start button, and it will start ingesting the packet capture. Then, we won’t be using a laptop. The only downside is that we must have a laptop and connect a network cable. Some new laptops don't have network ports, so we have to get another adapter. Having an all-in-one device, like NetAlly or Fluke, and some of their network devices would be cool.
The solution’s user interface could be improved.
The decryption of encrypted packets could be better.
While Wireshark is useful, the GUI interface is less accurate, showing only limited information.
The product has been using the same GUI for many years. The product must make its GUI more interactive and user-friendly. Any IT person working on the product would understand the information displayed on the product, but the GUI is not that familiar.
With Wireshark, you cannot download and utilize the packet in automation. Automation is right now expanding its own stuff. People are using some headless servers that do not need a GUI. So Wireshark will only be available if there is a GUI so you can see that packet clearly. So there is no transferring form of Wireshark right now available. You need to have some GUI on the server so you can check that via the check packet.
Previously, I have used Wireshark in some of the financial companies I have been involved with. For example, when I was employed at a bank, we used Wireshark. However, I have noticed that Wireshark is restricted when any sort of encryption is involved, such as XSL encryption or DLX. This means that Wireshark cannot be used to its full potential. Therefore, I think that Wireshark or the vendors should consider including features to penetrate firewalls and get the data, such as including any hash types. I would like the ability to sniff user credentials, such as passwords, rather than clear text. Wireshark should be able to sniff basic encryption, such as 128 and 64-bit encryption, as other solutions do.
Whenever we select one of the packets, in terms of the number of bytes, for example, there are three planes, and in the detailed plane, I have to count the number of bytes manually. Also, sometimes when I'm trying to select the number of bytes, the selection does not go properly. If we were to go on selecting it, the number of bytes also showed up as to how many bytes have been selected in the detailed plane.
The solution can be improved by increasing its capacity to manage larger files. Wireshark gets stuck when it is a larger file.
Wireshark is similar to an OS defense tool, meaning that it runs on an OS such as Ubuntu and Fedora, but I'm unsure if it's compatible with Windows or if it's a straightforward process to run it on Windows. Right now, my team needs to run Wireshark from a dongle to use it, so it's an OS-dependable tool, and that's an area for improvement. I was unable to use Wireshark on Windows, and I couldn't capture it, as I'm unsure how to configure the wireless card into monitoring mode on Windows. The process was straightforward on Linux, but it wasn't the case on Windows OS. It seems Wireshark isn't compatible with all OS. For example, you can analyze the log, and you can analyze it on the Windows server, but you can't do a capture in Windows. Configuring Wireshark for Windows isn't as easy as configuring it for Linux. What I'd like to see in the next release of Wireshark is the capability to capture packets from the ethernet.
We would like the product to be developed so that it doesn't rely on internet access for installation. We would like to see all of the components required to be integrated into the installer.
I would like better control of bandwidth from the service provider. Some network failures are due to bandwidth so I would like to be able to increase capacity at any time and ensure it holds at that level.
In my previous company, we had Omnipeek, and the UI was better than Wireshark. This product needs to improve the UI. Generally, you can use Omnipeek to capture packets. You can also use Wireshark to capture packets. However, they need a compatible adapter. If we use Wireshark without a compatible adapter, we really don't go to capture packets using it. We already get captures from the field and from customers, and we just use it for analysis. I would make maybe adding filters easy. There are some options that we can enable to look into the packet. For example, the default installation of Wireshark doesn't have much information. You can just get to see the packet number, the time's terms, the source address, the destination address, and some detailed information. If I want to see the RSSI, the channel number, the protocol information, or the data rate, I need to go and modify some of the configurations to add columns to display this information. I need to spend some time with it. Therefore, the Wireshark default installation could probably include some more crucial information. That would be a little helpful.
The solution has a steep learning curve. There are so many filters and features that are frequently being updated, it takes research, experience and familiarity to be able to use them. It could be a lot more user-friendly.
Wireshark could be improved by adding more monitoring features.
It works pretty well, and we haven't seen any areas that are lacking. We'd like to be able to extract the output into an Excel table.
A room for improvement in Wireshark is its ease of use for beginners. It could be better. Another room for improvement in the tool is for it to provide more details about the traffic load. At the moment, Wireshark is adequate for me, so there isn't anything I'd like added to it in its next version.
I can't suggest anything as of now regarding Wireshark. I have never found any issues or had any difficulty using it. Be it connecting the system to the network directly and capturing the data through Wireshark, or for a specific time, it's been flawless. I have got the results every time I've needed them. You need good network connectivity to download during the setup, otherwise, it might take a while.
Wireshark's UI isn't easy to handle and doesn't have as nice a view as Omnipeek.
Wireshark could be improved with a delay option when getting data automatically. It could also work faster.
It would be better if they offered a hybrid version like My Cloud Control.
I would like to see Wireshark improve the ease of application of the command. The command is very powerful, but not easy to apply. For the next release, I would like to see the motion of the measurement of the terminal loss packet. The round-trip delay. Also, it would benefit from improving the capability to evolve in real-time.
DNS could be improved.
Its user interface was a little less friendly. They can make its user interface a little bit more friendly. It is for technical people, and most of the technical people would be able to figure it out, but it would be good to improve its user interface. They can maybe build artificial intelligence into it. Currently, it takes a lot of manpower to analyze and dissect all the data.
The only thing that I don't like is sometimes there is an update, and something that I was using is either no longer there or it has changed. However, this is common when they upgrade software, so it's normal with any software. Because this product is open-source, sometimes there are contributors who make changes and they aren't properly vetted throughout the whole community. Access to older functionality should stay as a user preference so that they can still use it the old way if they want to.
The system could be improved upon by adding a better and more powerful data processing engine. The original was based on the Raspberry Pi. The RPi unit acted as a sensor on the network relaying information back to a centralized computer which was able to correlate and provide analysis as to the packets and their reaction to traffic loads. Much improvement could have been done but we were not that lucky. The more we designed items the more we began to realize that we were getting too far from our central goal of trying to make the network better.